Do I Really Need a Lock Screen on My Phone?

Android Lock Screen

Do you ever miss the simplicity of those flip phones from the late 90’s and early 2000’s?  You know the ones; you snap it open and you are instantly greeted with all the functionality you could expect from a phone:  calling people and, if you were really adventurous, using text messages.  The LCD had two colors:  on and off.  It was heavier than a Hummer H2 and nearly impervious to a drop from any height.

If you reminisce from time to time about how cell phones were better before they had 4G or a data connection, you might look at your current smartphone and wonder, “why do I need to have a passcode, PIN code, or registered fingerprint to unlock this phone?  Why do I need to unlock it at all?”

The CIA Model

Before we can answer that question, we first need to take a look at a model that information security professionals use to develop policies for businesses: the CIA Triad:

CIA information security model on confidentiality, integrity, and availability.

You might be wondering now, “what does this all have to do with my cell phone?”  That’s a great question, so let’s look at each component of the CIA model as it applies to your smartphone.

Confidentiality

If the primary goal of maintaining confidentiality is ensuring that only authorized individuals have access to a system or device, then what that means for your smartphone is taking precautions to ensure, within reason, that only you are able to use it.  Typically, this assurance comes one or more of these controls at the lock screen:

  • PIN entry requirement
  • Password or Passphrase entry requirement
  • Fingerprint verification
  • Facial recognition

If someone gets physical access to your smartphone, whether by deliberately stealing it or happenstance because it fell out of your pocket on the bus, one of those lock screen controls may be the only thing separating that person from your contacts list, e-mails, social media applications, or app store accounts.  In the absence of a lock screen, your lost phone could become a treasure trove of information for a hacker or fraudster.  They might use your contact list to identify other persons to target, leverage the accounts you have signed in on the device as a way to get to your financial information, or take advantage of social media apps to convince other friends and acquaintances to send them money while pretending to be you.

Lock screens are like digital vaccines:  having one doesn’t guarantee your device won’t be infected or compromised, but it dramatically improves the odds that it won’t.

Integrity

The concept of integrity can really be thought of, at least for the purposes of this discussion, as an extension of confidentiality.  Not in the sense that integrity includes any part of identity verification, but in the way that a device or system can be altered if an unauthorized person manages to gain access.  Integrity matters:  you put information into your smartphone and you rely on it to remain true.  This can include things like:

  • Contacts, both personal or professional and frequently or infrequently contacted
  • Apps that might be signed in to sensitive accounts like financial institutions
  • Primary email account, which an unauthorized user might leverage to reset the passwords to other sensitive accounts they discover by rummaging through old communications stored on the phone
  • Text messages, which might shed light on relationships that could be exploited using simple social engineering techniques

Imagine if your phone was taken off your desk while you went to lunch, but returned before you got back: you would not necessarily notice it had been moved or touched in any way.  Now imagine that the person who took it searched your emails for frequently contacted people, checked the banking apps on your phone, or looked up notes you had typed with password hints.  “BUT WAIT,” you might say, “I don’t use my phone for any of those things!”  That’s a fair point: imagine if they looked through your contacts list to see who you contact most frequently and how long you often talk with them.  What could they learn:

  • Identity of a spouse or other partner
  • Close friends
  • Old friends or acquaintances who may not stay in contact with you
  • Colleagues
  • Extended family members

Now, image this person took this contact information and began reaching out to all of these people soliciting them for money on your behalf, encouraging them to open links that take them to dangerous places, or using social engineering techniques to get more of their own information.  

Like vaccines, lock screens can protect other people you care about just as much as they can protect you.

An effective lock screen can stop this scenario from happening: remember, securing your device isn’t just about you.  Securing your phone reduces the risk that other people become victims of fraud because of information gained by accessing your device.

Availability

We all want technology to work on our terms: how we want and when we want.  When you have a smartphone that is never locked, you leave it at risk any time it is left unattended.  While away, someone else could get access to it and make changes to the device that impact how and when the device works.  Left unlocked and unattended, someone could pick up your device and remove applications or install rogue software to capture your sensitive information including phone calls, text messages, the buttons you press in the dialer while calling your bank, or to transmit other information about you like your location back to the hacker. 

There are many ways for hackers to alter the way your device works once they get past the lock screen, so make sure they need to do more than just swipe up to get into your device.

This could mean apps or phone features stop working or could be disabled intentionally by the hacker at a time of their choosing, possibly as a way to control your ability to report other criminal activity.  Imagine if your cell phone could not make calls during an emergency or if voice calling stops working sporadically after a new app appears on your home screen.  There are many ways for hackers to alter the way your device works once they get past the lock screen, so make sure they need to do more than just swipe up to get into your device.

Conclusion

If, after looking at just a few of the ways a lock screen can protect you, your friends, your family, and even your colleagues, you still wonder if you need a lock screen on your phone, I have prepared a handy flow chart to help you decide:

Do I Need A Lock Screen Flow Chart.  Yes, You Do.
Yes, you need a lock screen

 

One thought on “Do I Really Need a Lock Screen on My Phone?

Add yours

Share Your Thoughts:

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑